Hi BR,
i sounds to me you're using a layer4 virtual in the first scenario, where the certificates are bound to the real servers and the mutual SSL-Handshake is performed between your client and the real servers. But in the second scenario you are switching to a layer7 virtual and moving the initial SSL termination to your F5?
If this is the case, then the SSL-authentication would just fail, since the F5 simply cant pass the SSL-handshake to the real server. Unfortunately there isn't an easy solution for this behavior. It would require to revesit the entire authentication mechanism to perform pre-authentication and some sort of credential delegation (e.g. X-Forwarded-User, Kerberos Delegation, etc.)...
Cheers, Kai